You are viewing a plain text version of this content. The canonical link for it is here.

Posted to bugs@httpd.apache.org by bu...@apache.org on 2012/04/18 08:49:55 UTC

DO NOT REPLY [Bug 53098] New: mod_proxy_ajp: patch to set worker secret passed to tomcat

https://issues.apache.org/bugzilla/show_bug.cgi?id=53098

             Bug #: 53098
           Summary: mod_proxy_ajp: patch to set worker secret passed to
                    tomcat
           Product: Apache httpd-2
           Version: 2.2.22
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_proxy_ajp
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: dab18@izhnet.ru
    Classification: Unclassified


Created attachment 28630
  --> https://issues.apache.org/bugzilla/attachment.cgi?id=28630
adding "secret" proxypass option

apache httpd config:
ProxyPass /test ajp://localhost:8009/test secret=123

tomcat config:
<Connector protocol="AJP/1.3" requiredSecret="123" ... />

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 53098] mod_proxy_ajp: patch to set worker secret passed to tomcat

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=53098

--- Comment #2 from Dmitry <da...@gmail.com> ---
example of more secure configuration.

main apache virtualhost file (world readable):

...
ProxyPass /test ajp://localhost:8009/test
#Include must be after ProxyPass
Include ajp_secrets.include
...

contents of ajp_secrets.include (only root readable):

...
ProxySet ajp://localhost:8009/test secret=123
...

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 53098] mod_proxy_ajp: patch to set worker secret passed to tomcat

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=53098

--- Comment #1 from Jacob Champlin <ja...@gmail.com> ---
Voting for this bug because this is the only way to prevent someone from
constructing a ajp request and sending it with a invalid username to a tomcat
server.  This module should support this.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 53098] mod_proxy_ajp: patch to set worker secret passed to tomcat

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=53098

Jacob Champlin <ja...@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jacob.champlin@gmail.com

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 53098] mod_proxy_ajp: patch to set worker secret passed to tomcat

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=53098

kmclaugh@gmail.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |kmclaugh@gmail.com

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 53098] mod_proxy_ajp: patch to set worker secret passed to tomcat

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=53098

Christophe JAILLET <ch...@wanadoo.fr> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |PatchAvailable

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 53098] mod_proxy_ajp: patch to set worker secret passed to tomcat

Posted by bu...@apache.org.

https://issues.apache.org/bugzilla/show_bug.cgi?id=53098

Christophe JAILLET <ch...@wanadoo.fr> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #28630|0                           |1
           is patch|                            |
  Attachment #28630|application/octet-stream    |text/plain
          mime type|                            |

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org